Showing posts with label Backtrack 5. Show all posts

28/11/2014

Hack Any Remote PC By IP Address Using Kali Linux


This is how we can get the IP address of the victim's website. How about your friend's PC? You can't do www.yourfriend'sname.com, can you? Finding your friend's IP address is a little tough, and tougher still if he has a dynamic IP address that keeps changing. But in our case, finding the friend's/victim's IP address is as easy as A, B, C.
One widely used method of finding your friend's IP address is chatting with him; alternatively, go through "Find someone's IP address!" to get it.
Now you have the IP address, right? Is it online? To check its online status, just ping the IP address; if it is online, it will reply. If the IP address is online, scan for open ports. Open ports are like closed doors without locks: you can go in and out easily. Use Advanced Port Scanner to scan for all open and vulnerable ports.

Now that you have the victim's IP address and open port, you can use telnet to try to access it. Make sure that telnet is enabled on your computer, or install it from Control Panel > Add/Remove Programs > Add Windows Components. Now open a command prompt and use the telnet command to connect to the IP address. Use the following syntax for the connection.
telnet [IP address] [Port].

You’ll be asked to input login information.

If you can guess the information easily, then it's OK. Otherwise, you can use brute-forcing tools like Brutus or THC-Hydra. In this way you'll be able to hack a remote computer using only its IP address.

17/11/2014

Hacking Facebook Using Man in the Middle Attack

Before I take you to the main point, let's understand the Man in the Middle attack.

So What is Man in the Middle Attack?
An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack, but has to decrypt the information before it can be read. In the picture below is an example of how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.

In this tutorial, Hacking Facebook Using Man in the Middle Attack, I will demonstrate how to hack Facebook using MITM (Man in the Middle). This attack usually happens inside a Local Area Network (LAN) in an office, internet cafe, apartment and so on. Below is a step-by-step guide to how MITM works and how it can be used to hack a Facebook account. In this guide, the attacker acts as the third person: the attacker manipulates the switch routing table so that the victim thinks the attacker is the web server and vice versa. For this tutorial we need to prepare some tools for the proof of concept. Below are the tools you need to download.
1. XAMPP–APACHE PHP MySQL
2. Cain & Abel (We use it for Man in the Middle Attack).
3. Facebook Offline Page (I have nulled the code, so this script will not contact Facebook when the victim accesses the fake Facebook page). Download Facebook Offline Page
Update: Replace your index.php and login.php with the following files. Download Here

Step by step Hacking Facebook Using Man in the Middle Attack
Attacker IP Address: XXX.XXX.XXX.XXX
Victim IP Address: XXX.XXX.XXX.62
Fake Web Server: XXX.XXX.XXX.XXX
Note: For security reasons, I can't type my IP address, so you need to replace the X's with your own IP and your victim's.
I assume you’re in a Local Area Network now.
1. Install XAMPP and run the Apache and MySQL services.
2. Extract fb.rar and copy the contents to C:\xampp\htdocs
3. Check the fake web server by opening http://localhost/ in a web browser.
4. Install Cain & Abel and do the APR (ARP Poison Routing) by following the steps below. Click the Start/Stop Sniffer button, choose your interface for sniffing and click OK. When it has finished, click Start/Stop Sniffer again to activate the sniffing interface. Go to the Sniffer tab, then select "All hosts in my subnet" and click OK.
You will see the other people in your network, but your target is XXX.XXX.XXX.62. After we have got all of the information, click the APR tab at the bottom of the application. Click the button, and follow the instruction below.
When you finish, the next step is preparing to redirect the facebook.com page to the fake web server. Click "APRDNS" and click to add the new redirecting rule. When everything is finished, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.
5. Now Hacking Facebook using MITM has been activated. This is how it looks when the victim opens http://www.facebook.com
6. But if you ping the domain name, you can reveal that it's fake, because the address is the IP of the attacker.

12/11/2014

Remotely Access Kali Terminal Using Putty

In this post we will use PuTTY to remotely or locally access the Kali terminal with root privileges. We will use SSH for this tutorial, though you can use Telnet or any other mode too.

Putty
Some theoretical information about PuTTY for your digestion.
"PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers." (putty.org)
"PuTTY is a popular SSH and Telnet client that helps you establish secure connections over the Internet and doesn't even require installation. It's especially aimed for programmers and network administrators, which means that newcomers won't find it easy to use. The program features a simple, straightforward interface with no included documentation. Despite its apparent simplicity, PuTTY is highly configurable and includes many options to tweak connections, sessions, SSH security features and even the window's appearance." (softpedia)
Basically, what you need to know is that PuTTY works on Windows and will help you execute commands on a virtual install of Kali directly from Windows. It's like a Kali terminal in Windows. What that means is that if you have any configuration other than a Windows host and a Kali guest, then PuTTY isn't going to be useful (you can still use it for remotely running Kali, but the focus is on the host-guest mechanism here).

Download
You can download PuTTY from putty.org. That's the official download location. Softpedia, CNET, etc. also provide downloads. You will find a lot of links there, and it will take a minute to find out what you need to download. However, for the sake of ease, the link below this line is likely to be what you are looking for.

Kali Configuration
There are a few things that need to be done before PuTTY starts working. Firstly, you will be using SSH to connect to Kali (the main advantage of SSH is that it's secure; you can search Google for more info on SSH). By default, the SSH service isn't started in Kali, but you can still check with
root@kali:~# service --status-all
 [ - ]  ssh
It will display a long list. The - against ssh indicates it is not running. Depending on whether SSH is installed or not, you can execute the following. Run the second command first; if it works fine, installation isn't required; if not, then execute the first command.
root@kali:~# apt-get install openssh-server (to install SSH)
root@kali:~# service ssh start (to start the service)
Optional: If you are connecting remotely and are afraid that someone will eavesdrop on your data, then you can use the public/private key encryption offered by SSH. For this you need to create an RSA key.
root@Kali:~# ssh-keygen -t rsa
You will have to specify where to store the key (just press enter for the default location) and then specify a key. This step is quite unnecessary for most users. Also, type ifconfig to get your eth0 IP address.

Starting PuTTy on Windows

Start PuTTY, and you will see the PuTTY configuration dialog. Enter the IP that you found out in the last step. The port will be 22 and the connection type SSH. Click Open and you'll be prompted to enter the credentials for terminal access. Type in 'root' and your password. You can run commands from here and they will be executed on your Kali machine. There are no functionality restrictions as such, and you can do almost anything from this terminal. Type exit to end the session.

Auto start SSH on Kali Boot

Every time you boot into Kali, the SSH service will not be running. You will have to type the following on every boot:
service ssh start
However, there are alternatives. One straightforward one is to go to Applications -> System Tools -> Preferences -> Startup Application and click on Add. Enter the command as service ssh start and add whatever you feel like for Name and Comment. Alternatively, you can use update-rc.d to get the same functionality. It helps add/remove services which will run at boot. Execute the following command to add SSH to the startup services:
root@kali:~# update-rc.d ssh enable
You can of course write your own script to start ssh, but that wouldn't do us much good, since starting the service is as easy as one line of code, and you don't write scripts that execute just one command; that is quite an inefficient way of using scripts.
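The setup above leaves sshd accepting root with a password on port 22, starting at every boot. As an added example (not from the original post), this Python audit reads an sshd_config the way sshd does, where keywords are case-insensitive and the first value for a keyword wins, and reports that combination. The sample file is constructed, and the values used for unset keywords are assumptions; sshd -T on the real host shows the actual effective values.

```python
import re

# Constructed sshd_config: a hardening line was appended at the end of the
# file, after an earlier "PermitRootLogin yes", so it has no effect.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
"""

# Assumption: values used when a keyword is absent from the file.
ASSUMED_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def effective_settings(text):
    """Global settings as sshd resolves them: first value per keyword wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks are outside this global audit
        if len(parts) == 2:
            settings.setdefault(keyword, parts[1].strip().lower())
    return {**ASSUMED_DEFAULTS, **settings}

def audit(text):
    """Return finding codes for the root-with-password setup."""
    s = effective_settings(text)
    findings = []
    password_auth = s["passwordauthentication"] == "yes"
    if s["permitrootlogin"] == "yes" and password_auth:
        findings.append("root-password-login")
    if password_auth:
        findings.append("password-auth-enabled")
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkey-auth-disabled")
    return findings

if __name__ == "__main__":
    print(effective_settings(SAMPLE_CONFIG)["permitrootlogin"])
    print(audit(SAMPLE_CONFIG))
```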

10/11/2014

Penetration Testing: Crash Windows 7 Using Metasploit and RDC Vulnerability


Crashing Windows 7
Now while the story so far has been smooth and cozy, it gets a bit tough from here on. For modern operating systems like Windows 7, there aren't any magical exploits like the ones we had for unpatched Windows XP machines. We had been able to hack Windows XP and try some meterpreter features on the exploited XP machine. However, when it comes to Windows 7, there aren't any direct exploits for gaining access to the machine. We can try some client-side attacks, etc. The Social Engineering Toolkit would be great for stuff like that. However, there is still one vulnerability that waits to be exploited. In Windows 7, there is a hole in the RDP port (3389) which can work over LAN as well as over the internet. Over the internet, stuff can get a bit tougher; however, on the LAN, this should be a piece of cake if you have successfully followed our pentest tutorials so far.

Requirements
Now you will require an attacker Kali machine, and a victim Windows machine, both running on Virtual machines. Windows 7 should be a fresh install, with no updates, as they can patch the vulnerability, making it unexploitable. Now when you have got all this setup, you can move on to further steps.

Information Gathering
Now you'll have to find out the IP of our victim. This would have been complicated in a real-life scenario, but in our case, you just go to Windows 7, open a command prompt, and type ipconfig. You should be looking for the IPv4 address of the Local Area Network.

In our case, that's where the information gathering stops.

Starting Metasploit
Now execute the following commands to start metasploit framework.
service postgresql start
service metasploit start
msfconsole

Exploit
Now select the exploit that we are going to be using.
auxiliary/dos/windows/rdp/ms12_020_maxchannelids
Now do a show options; it will tell you that it only requires two options, RHOST and RPORT. RPORT is obviously 3389, the remote desktop port. The RHOST is the one you found out in the information gathering step. Use the following code to set the RHOST:
set RHOST 192.168.—.—
Surprising as it may seem, we are done already. Just type exploit and the target machine will get a Blue Screen of Death and will reboot. You can do this as many times as you feel like, and in a real-life scenario it can be really annoying, considering it can be done over the internet too.

Possible Problems

If you get an error of this sort, then most probably your Windows 7 machine has its firewall enabled and is blocking your packets. An antivirus could do the same thing. There might be some issues with the LAN connection too. A good diagnostic test would be to ping the machine. Go to a Kali terminal and execute ping 192.168.—.—
After waiting for a while, press Ctrl+C, which will stop the pinging.

If you get something like this (0 packets received), then there is absolutely no communication between the Kali and Windows machine (in effect, they are not on the same network, even though they are). That’s why the exploit doesn’t work.

Something like this means that the connection is just fine, and probably the Windows machine has become immune to the attack due to some patch. If it's the former case, then you'll have to find a way to get the connection working, and if it's the latter, then try disabling the firewall and antivirus, and maybe setting the network as home instead of public. Then go to advanced sharing settings, and choose all the options that you think will make your computer easier to hack. If possible, see if you can uninstall updates. The final thing to do is to get an early unpatched release of Windows 7. In some cases installing VMware tools might help.

Enable Remote Desktop
In many Windows releases, remote desktop is turned off by default. To enable it, follow these steps:
Go to System (Control Panel\System and Security\System). Click on Remote settings. Select the "Allow Remote Connections to this computer" button. Click OK.

09/11/2014

Hack Into Emails And Facebook Using Kali Linux


Kali Linux is undoubtedly one of the most popular and advanced penetration testing platforms to date. Many or even most hackers prefer to use this platform for all their endeavours. Ethical hacking is also a much sought-after field, and here's something that Kali Linux users will appreciate.
The following steps show how to clone email and Facebook using Backtrack 5 or Kali Linux.
1. Download Kali Linux from its official website.
2. Extract the contents of the Kali Linux file which you downloaded in the above step and copy it to a pendrive, or burn the file to a CD if you want to make a CD of it.
3. After copying the contents, reboot your system and press F8 at boot time, then select boot from pendrive if you have copied all the files to a pendrive, or boot from CD-ROM if you burned the file to a CD.
4. After selecting the boot device, the Kali installation window will open; install as per your requirements.
NOTE: During installation, for the selected installation drive, set the mount point to "/".
5. Remember the username and password from installation, as these will be necessary for this hacking method.
6. Once the installation is completed, the system will reboot; log into your account.
7. Your system is ready for use.
8. Open the Backtrack terminal and use the ifconfig command to find your IP address.
9. On the terminal type cd /pentest/exploits/set
10. You will need to have the Social Engineering Toolkit (SET) for this one.
11. Start it and then choose the second option, which says Website Attack Vectors.
12. In the next part you have to select the 4th option, which says Tabnabbing Attack Method.
13. Choose the second option, which is Site Cloner.
14. Now you have to enter the URL of the website that you want to clone or hack into. In this case the URL will be www.ymail.com. The SET will automatically create the clone. Press enter in order to continue.
15. The URL now needs to be converted into the Google URL. For this use goo.gl and send the link address to your targeted person via email, chat etc.
16. When your victim will open their internet browser for Gmail, they should get a message saying that the page is still loading. As soon as they open a new tab, the fake clone that we made will start functioning.
Once the process is completed, you will see something as shown in the image below.
The next step is the most important step. So far we have made the IP address go online, and anyone who visits your IP address will see a page that looks like the website whose URL you entered to clone. In this step you need to shorten your IP address by using services like ADF.LY, Binbox, Goo.gl, etc. Once you enter your IP address on these sites to shorten it, they will provide you with a link; all you need to do is send this shortened link to your victim.
When the victim visits the URL which you have sent, they will see the same page as the URL you entered to clone. The victim will think that it is the original page, and when the victim enters any of their information you will find it in the terminal.
In this example I have used ymail.com. Therefore, the victim will see the homepage of Yahoo Mail.
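The shortened link described above ends at a bare IP address rather than the mail provider's domain, and a mail or proxy filter can check for exactly that once the link has been expanded. The following Python check is an added example, not part of the original post; the redirect chains, the short.example shortener and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed redirect chains, as a gateway would record them after
# expanding a short link (first element = link in the message).
CHAIN_PHISH = ["https://short.example/aB3xY", "http://198.51.100.23/"]
CHAIN_OK = ["https://short.example/Zq9", "https://login.example.com/"]

def host_as_ip(host):
    """Return the address if host is an IP literal, else None.

    Also normalises the bare-integer IPv4 form, which browsers accept,
    so that it is compared like the dotted form.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if host.isdecimal() and int(host) < 2 ** 32:
        return ipaddress.ip_address(int(host))
    return None

def link_findings(chain):
    """Finding codes for the landing URL at the end of a redirect chain."""
    landing = urlsplit(chain[-1])
    findings = []
    if host_as_ip(landing.hostname or "") is not None:
        findings.append("ip-literal-host")
    if landing.scheme != "https":
        findings.append("no-tls")
    return findings

def should_quarantine(chain):
    """Hold messages whose redirect hides an IP-literal landing page."""
    return len(chain) > 1 and "ip-literal-host" in link_findings(chain)

if __name__ == "__main__":
    for chain in (CHAIN_PHISH, CHAIN_OK):
        print(chain[-1], link_findings(chain), should_quarantine(chain))
```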
If you get stuck anywhere, give us your IP using this link in order to let us get control of your machine for remote Kali setup. (We'll not take responsibility for any kind of damage caused by remote setup. You must do it at your own risk.)